Helping libraries suffering from multiple identity disorder

February 5, 2018

While most patron access to library resources remains anonymous, an increasing number of libraries are using patron identity behind the scenes to increase security (it’s a lot easier to shut off access from compromised credentials), improve user experience, and better understand resource usage and manage resource costs more effectively.

Note: This topic is different from sharing identity data with publishers and other resource providers, which is a whole topic of its own. I’m just focusing on libraries tracking patron identity for internal purposes.

Verifying patron identities requires an integration with an Identity Provider (IdP) – a system that creates and manages identity information, and provides user authentication as a service. For many libraries, the IdP is their organization’s internal directory – managed by the IT department. Integrating that directory into the resource access workflow allows patrons to use their existing network credentials to authenticate, greatly simplifying login.

Even better, patrons who are already signed into a local IdP that supports Single Sign-On (SSO) will benefit from seamless access to a resource without an additional login screen.

Why libraries need multiple identity sources

As network credentials increasingly become the key that organizations use to manage access to internal applications, there can be categories of users whose identities are better managed in different ways and separate from the local directory.

For example, some organizations manage student identities on dedicated third-party software that is managed outside of IT (e.g. the Bursar) and ties into other applications, such as grading systems.

Another example is affiliated users, such as visiting scholars, preceptors, or alumni, who aren’t listed in an internal network directory. These users may only need access to specific resources and/or for a specific time period.

Multiple identities = Multiple pathways

Having multiple identity sources can bring significant challenges.

Each source will likely offer a distinct login experience, capture a unique set of user metadata, rely on a different technology, and might require you to liaise with different parts of your organization.

Library patrons can face disconnected access pathways, and resolving access issues is often more time-consuming. Worse, the library may be left with a splintered understanding of usage patterns unless access statistics can be aggregated across sources.

3 steps to unify the login experience

The solution is to design access pathways around simplifying the user experience, with technology as a means to an end, not an end in itself.

1. Single Access Page

Deliver a single login page that integrates multiple IdPs under the hood. IdPs can come and go behind the scenes, but the access experience is consistent.

2. Use existing metadata

Minimize requests for additional user information by mapping your variant IdP metadata against a standard template to automate the creation of user profiles. These profiles can then be used to build easily maintainable resource access logic.

3. Remember user preferences

Enable users to bypass this unified screen when you already know their choice of IdP (with an option to avoid this on shared devices).

Best of all, this allows the library to record granular usage stats against these user profiles, e.g. by role, department, location, etc. Libraries concerned with patron privacy can use anonymous identifiers while still recording aggregate statistics at a meaningful level, such as user category or department.
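The Python below is an added example, not code from this post or from the implementation it mentions: it maps attributes from three identity sources onto one profile template and swaps the user identifier for a keyed-hash pseudonym, so usage can still be counted by category. The IdP names, attribute maps, key and sample logins are all constructed assumptions, and attribute values are assumed to be plain strings.

```python
import hashlib
import hmac
from collections import Counter

# Key for the keyed-hash pseudonym (constructed placeholder; load from a secret store).
PSEUDONYM_KEY = b"example-key-not-for-production"

# Hypothetical per-IdP maps: standard template field -> source attribute name.
ATTRIBUTE_MAPS = {
    "campus_directory": {"user_id": "uid", "role": "eduPersonPrimaryAffiliation",
                         "department": "ou", "location": "l"},
    "student_system": {"user_id": "student_no", "role": "category",
                       "department": "school", "location": "campus"},
    "affiliates": {"user_id": "email", "role": "affiliation",
                   "department": "sponsor_dept", "location": "site"},
}

def pseudonym(idp, user_id):
    msg = f"{idp}:{user_id.strip().lower()}".encode()
    return hmac.new(PSEUDONYM_KEY, msg, hashlib.sha256).hexdigest()[:16]

def build_profile(idp, attrs):
    """Normalise one IdP's attributes into the standard profile template."""
    if idp not in ATTRIBUTE_MAPS:
        raise ValueError(f"no attribute map for IdP {idp!r}")
    mapping = ATTRIBUTE_MAPS[idp]
    user_id = attrs.get(mapping["user_id"])
    if not user_id:
        raise ValueError("IdP response carries no user identifier")
    profile = {"pid": pseudonym(idp, user_id)}  # raw identifier is not stored
    for field in ("role", "department", "location"):
        value = attrs.get(mapping[field])
        profile[field] = value.strip().lower() if value else "unknown"
    return profile

def usage_by(profiles, field):
    return Counter(p[field] for p in profiles)  # category-level counts only

# Constructed sample logins, one per identity source.
SAMPLE_LOGINS = [
    ("campus_directory", {"uid": "jdoe", "eduPersonPrimaryAffiliation": "Staff",
                          "ou": "Nursing", "l": "Main"}),
    ("student_system", {"student_no": "S1024", "category": "student", "school": "nursing"}),
    ("affiliates", {"email": "V.Scholar@example.org", "affiliation": "alum",
                    "sponsor_dept": "History", "site": "Remote"}),
]

if __name__ == "__main__":
    print(usage_by([build_profile(i, a) for i, a in SAMPLE_LOGINS], "department"))
```

The key must stay the same for as long as repeat visits need to link to one profile, and anyone holding it can recompute a pseudonym from a known identifier, so it needs the same protection as the identity data itself.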

By understanding resource usage, the library can maximize value from their resource budget.

Here’s one we baked earlier …

We recently implemented resource access for a library that included all 3 of these examples: